sylius/sylius is vulnerable to information disclosure. The vulnerability exists as the internal exception message gets exposed in the login action through the value of last_error.message
in Security/_login.html.twig
.
CPE | Name | Operator | Version |
---|---|---|---|
sylius/sylius | le | 1.3.13 | |
sylius/sylius | le | 1.4.9 | |
sylius/sylius | le | 1.5.6 | |
sylius/sylius | le | 1.6.2 |